Enterprise Mobile Application Management

Jan 18, 2012


Ever since Apple introduced the iPhone, we have seen dramatic changes in our personal and work lives. Today, mobile devices and tablets are indispensable parts of our everyday lives. Thanks to the rapid innovation in technology and mobile application development, mobile usage trends and consumer behaviour are changing dynamically.

Financial companies & enterprises have begun realizing the importance of mobilizing and empowering their customers & employees. While financial companies are using mobile as a tool to engage their customers and enhance their experience, enterprises are relying on tablets to increase employee productivity and operational efficiency. Enterprise mobility, and with it enterprise mobile application management, is becoming more important than ever before.

Enterprises are now deploying mobility solutions to empower their employees with quick access to information, as well as to automate internal processes to reduce manual errors and delays. However, for most enterprises, security remains a major concern and a continuing barrier to the effective implementation of a mobility strategy. This is one of the reasons enterprise mobile application management has become so important.

As financial companies and enterprises have begun to mobilize applications, employees have begun using their own devices to access data and to complete their day-to-day tasks. On the other hand, customers are also using their enterprise mobile devices to access financial data & carry out banking transactions.

Enterprises are currently at a crossroads, as they are yet to figure out the best way to manage data security or enterprise mobile application management while the ecosystem is in a nascent stage and still evolving. Enterprise mobile application management is an upcoming frontier that needs to be addressed by businesses large and small. The key is to choose an implementation which can enhance user experience without compromising enterprise security.

Below are some of the top security threats faced by mobile applications, and ones that can be addressed with enterprise mobile application management:

Mobile attacks happen across several access points:

Browser

Apps

Malware

Network

Webserver

Database

We’ll now take a look at a few cases based on the above-mentioned access points:

Browser

Client Side Injection

Applications using browser libraries such as HTML and XML face several risks, including device compromise and toll fraud.

Phone

Insecure Data Storage

Data that is stored locally and that is synced to the cloud – threats due to insecure data storage are 1) loss of confidential data and 2) credential disclosure.

App

Side Channel Data Leakage

This is seen when there are programming flaws along with a scenario in which the platform features are disabled. This leads to privacy violations.

Reverse engineering of the code

This is a threat which is still evolving but definitely something to watch out for. If the code of the application is reverse engineered, it will enable the hacker to get access to the flow of the application, and it will help him or her create a duplicate version.

Malware

Untrusted Inputs taking Security Decisions

Malicious apps and client side injections normally cause these types of attacks, which can lead to loss of data (passwords, for example) and privileges.

Network

Improper Transport Layer Protection

Weakly encrypted data might lead to attacks like ‘Man in the Middle’ and tampering with data in transit, leading to the loss of confidential data.

Network

Improper Session Handling

Since sessions are much longer in mobile applications than in web applications, and because mobile applications use HTTP cookies & SSO authentication, the chances of unauthorized access to applications, payments & licenses are high. This is one of the most serious threats.

Webserver

Weak Server Side Controls

Backend services might not be configured properly, which normally affects the integrity of the data being transferred.

Database

Poor Authorization and Authentication

When immutable values (UUID, IMEI, IMSI) are used in the code to develop an app, the chances of it being compromised are high. Hence it faces the risk of unauthorized access & privilege escalation.
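The two entries above on long-lived sessions and immutable device identifiers can be illustrated together. The following is an added example, not code from the original post: a minimal server-side session store that issues random tokens instead of trusting a UUID, IMEI or IMSI, and enforces idle and absolute timeouts. The class name, the timeout values and the sample identifier in the comments are assumptions chosen for illustration.

```python
import hashlib
import secrets

# Assumed policy values for illustration; tune to the application's risk.
IDLE_TIMEOUT = 15 * 60          # expire after 15 minutes of inactivity
ABSOLUTE_TIMEOUT = 8 * 60 * 60  # expire 8 hours after login, regardless of use


class SessionStore:
    """Server-side sessions keyed by the hash of a random token."""

    def __init__(self):
        self._sessions = {}  # sha256(token) -> session record

    @staticmethod
    def _key(token):
        # Store only a hash so a leaked session table does not leak tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id, now):
        """Call only after the user has authenticated with real credentials."""
        # Random and revocable, unlike an IMEI/IMSI/UUID, which never changes
        # and is readable by other software on the device.
        token = secrets.token_urlsafe(32)
        self._sessions[self._key(token)] = {
            "user": user_id, "created": now, "last_seen": now}
        return token

    def validate(self, token, now):
        """Return the user id for a live session, else None."""
        key = self._key(token)
        rec = self._sessions.get(key)
        if rec is None:
            # Covers a device identifier sent as a credential: only tokens
            # this server issued can ever match.
            return None
        expired = (now - rec["last_seen"] > IDLE_TIMEOUT
                   or now - rec["created"] > ABSOLUTE_TIMEOUT)
        if expired:
            del self._sessions[key]  # an expired session cannot be revived
            return None
        rec["last_seen"] = now
        return rec["user"]

    def revoke(self, token):
        """Logout, lost device, or password change."""
        self._sessions.pop(self._key(token), None)
```

Times are passed in as seconds so the expiry logic can be exercised without waiting; a real service would pass `time.time()`.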

It is highly recommended to take adequate measures to safeguard applications from these threats before they are made available to customers & employees.

Based on our experience working with a vast client base across verticals, we will be sharing a few best practices to tackle these security issues in our upcoming blog post on enterprise mobile application management.

By Kiran Elengickal
To contact the author, mail to: kirane@rapidvaluesolutions.com
